End-host address assignment options for IPv6 networks
Overview of the different ways IPv6 end-host address assignment can be configured.
Address Types and Scope
First, we need a quick understanding of the different address types in IPv6, which are referred to by their "scope".
- Global scope addresses are the ones we are most used to: the regular globally
reachable addresses, often registered in DNS. For UW-Madison, our global prefix is 2607:f388::/32.
- Link-Local scope addresses are used within a particular subnet
only and are not routable at all. They start with the IPv6 prefix fe80::/64. In IPv4,
these are most similar to the 169.254.x.x addresses hosts use if they do not have global
addresses; however, in IPv6 they are always configured.
- Loopback is how a host can refer to itself, similar to 127.0.0.1 in
IPv4. The IPv6 address is ::1/128 and is also called Host Scope.
- Multicast can be used with link-local, site-local, and global scope. This is
how, for example, nodes on a given LAN can find each other. Multicast addresses are in the range
ff00::/8. More on IPv6 Multicast
- Broadcast is not used in IPv6; Multicast is used instead.
- Site-Local scope is specific to an enterprise. However, as
an addressing range, it has been deprecated since 2004. Documentation that refers to it or
the range fec0::/10 is out of date.
- Uniform Local Addressing to some degree replaces site-local. ULA is similar
to RFC 1918 addresses in IPv4, but with some differences. ULA is relatively new, and there is still
some churn in the standards bodies about how the addresses should be used. UW Network
Services discourages the use of ULA at this time.
Now, we can discuss how hosts can be assigned Global scope addresses.
Stateless Autoconfiguration
This is one of the most common mechanisms used for IPv6 address assignment. A host listens for (or solicits) messages from the router announcing which network prefix the host is on. The host then takes the network prefix, appends its MAC address in a modified form (by inserting FF:FE in the middle, and setting the 7th bit to a 1), and uses the result as its global scope address. This is typically the default on Unixes (OS X, Linux, BSD, Solaris, etc).
Prefix announced by router: 2607:f388:f:100::/64
Host MAC address: 00:0C:29:4A:7C:B0
Autoconfigured address: 2607:f388:f:100:20c:29ff:fe4a:7cb0/64
Stateless Autoconfiguration w/ Privacy Extensions
One of the issues with the above method is that MAC addresses are typically unique globally. If a host moved between subnets (or from UW to a user's home), the network prefix portion of the address would be different, but the lower 64 bits of the address would remain the same. This global uniqueness is a privacy concern because a machine would potentially be recognizable regardless of where it connected to the internet.
To combat this, a host can still take the network prefix announced by the router, but then generate a random identifier to use for the host portion of the address. To take things further, the host can change the lower bits periodically to help stay anonymous.
This is the default behavior on some Microsoft platforms, and particularly annoying in enterprise environments. However, it can be disabled using the registry or netsh commands:
netsh interface ipv6 set privacy state=disabled store=persistent
netsh interface ipv6 set global randomizeidentifiers=disabled store=persistent
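The derivation from the Stateless Autoconfiguration section and the tracking concern described above, as an added example that is not part of the original page: it builds the address from the page's prefix and MAC, then reverses the process to show that the same host is recognizable on a different prefix. The function names, the 2001:db8:1:2::/64 "home" prefix and the random-identifier address are constructed for illustration.

```python
import ipaddress

def eui64_address(prefix, mac):
    """SLAAC address for a /64 prefix and a 48-bit MAC (modified EUI-64)."""
    net = ipaddress.IPv6Network(prefix)
    octets = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if net.prefixlen != 64 or len(octets) != 6:
        raise ValueError("need a /64 prefix and a 48-bit MAC address")
    # Insert FF:FE in the middle and invert the universal/local bit (0x02 of
    # the first octet); for a factory-assigned MAC this sets the bit to 1.
    iid = bytes([octets[0] ^ 0x02]) + octets[1:3] + b"\xff\xfe" + octets[3:]
    return net[int.from_bytes(iid, "big")]

def recover_mac(addr):
    """Return the MAC embedded in an address's lower 64 bits, or None."""
    iid = ipaddress.IPv6Address(addr).packed[8:]
    if iid[3:5] != b"\xff\xfe":
        return None  # randomized (privacy) or manually assigned identifier
    # Heuristic: a random identifier matches FF:FE by chance 1 time in 65536.
    mac = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:]
    return ":".join(f"{b:02x}" for b in mac)

def group_by_mac(addresses):
    """Map each recovered MAC to every address it was seen under."""
    seen = {}
    for addr in addresses:
        mac = recover_mac(addr)
        if mac is not None:
            seen.setdefault(mac, []).append(addr)
    return seen

# Constructed sample: the page's host on the UW prefix, the same host on a
# made-up home prefix (2001:db8::/32 is the documentation range), and one
# made-up address with a random identifier.
SAMPLE = [
    str(eui64_address("2607:f388:f:100::/64", "00:0C:29:4A:7C:B0")),
    str(eui64_address("2001:db8:1:2::/64", "00:0C:29:4A:7C:B0")),
    "2607:f388:f:100:d1a3:77c2:9be4:5f01",
]

if __name__ == "__main__":
    for mac, addrs in group_by_mac(SAMPLE).items():
        print(mac, "->", ", ".join(addrs))
```

Run over an address inventory or firewall log, the grouping shows which hosts still expose MAC-derived identifiers and which have moved to randomized ones.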
Static Configuration
Perhaps the most obvious mechanism for giving a host a global scope address is to assign one and statically configure it on the host. However, some hosts may still automatically configure dynamic addresses as well unless configured not to. This is particularly annoying for servers or where firewalling is used. Example: IPv6 static address configuration for Linux hosts. Also, see the note near the bottom of this page on disabling autoconfiguration.
Stateless Autoconfiguration w/ stateless DHCPv6
After using one of the above mechanisms for address assignment, the typical next step is to configure DNS servers for the host to use. This can be done via a lightweight DHCPv6 server whose only job is to hand out options, not to keep track of address assignments. This can be used with Microsoft operating systems newer than XP. The routers on the network must be configured to announce to clients that stateless DHCP service is available. Stateless DHCPv6 clients are not included as part of OS X.
Stateless Autoconfiguration w/ DNS Advertisement (RFC 5006)
A new way to assign DNS servers in IPv6 is to have the routers announce them to the network along with the prefix. UW's routers currently cannot send this option, and client support for RFC 5006 is nearly non-existent.
Stateful DHCPv6
Networks can be configured to use only DHCP for addressing and options. This is very similar to how DHCP is typically used on IPv4 networks. Some differences are that the network's routers must be configured to tell the clients to use stateful DHCP, and that identifying a host based on its MAC address across a relay may be problematic (match on the DUID instead). Stateful DHCPv6 clients are not included as part of OS X.
If you use stateful DHCPv6 for all hosts on a LAN, it is possible to turn off autoconfiguration. See the note near the bottom of this page.